Khalil El-Khatib, a networking and information technology expert in the Ontario Tech University's Institute for Cybersecurity and Resilient Systems (ICRS), recently received new research funding from Canada's National Cybersecurity Consortium (NCC) to explore a trustworthy Artificial Intelligence (AI)-based framework for self-aware drone-based swarm technologies. According to Dr. El-Khatib, the communication between drones in a swarm and the unpredictability of the swarm behavior pose significant risks and unique security issues.

According to Dr. Natalia Stakhanova, a cybersecurity researcher and expert at the University of Saskatchewan (USask), there are two ways to look at Artificial Intelligence (AI) from a security standpoint. She emphasizes that while AI appears to enable more efficient data exploitation, it also has the potential to be used for defense. When people use a social media account to store data, that data is stored on the company's computer systems, which are usually designed to be secure. However, most of these computer systems are vulnerable to clever hacks that could jeopardize data security.

There are tools that can poison data and cause Artificial Intelligence (AI) models to malfunction, but the question is whether using them is a justified response by artists to copyright infringement or a potential cybersecurity threat. In October 2023, researchers at the University of Chicago unveiled "Nightshade," a data poisoning technique designed to disrupt the training process of AI models. Nightshade and similar disruptive tools could be a defense method that content creators can use to combat web scrapers.

Resecurity has discovered "GXC Team," a cybercriminal group specializing in developing tools for online banking theft, ecommerce deception, and Internet scams. On the dark web, the group's leader recently announced significant price cuts for their products. The posts made by the leader introduced a new tool that applies Artificial Intelligence (AI) to generate fraudulent invoices for use in wire fraud and Business Email Compromise (BEC). According to an FBI report, successful BEC scams led to an average loss of more than $120,000 per incident, costing organizations more than $2.4 billion.

According to industry experts, government bans on ransomware payments risk criminalizing victims. Dominic Trott, director of strategy and alliances at Orange Cyberdefense, points out that a blanket ban on ransomware payments could "shift the focus of criminality" from perpetrators to victims. The warning is prompted by an advisory from the cybersecurity company Emsisoft, which suggested stricter government action against companies that make ransomware payments. These payments would result in ransomware groups being able to scale operations and expand attacks.

A critical Remote Code Execution (RCE) vulnerability in Ivanti's Endpoint Management (EPM) software could have enabled unauthenticated attackers to take control of enrolled devices or the core server. Ivanti EPM helps manage client devices running various platforms. The now-fixed security vulnerability, tracked as CVE-2023-39336, could have allowed an attacker with access to a target's internal network to launch low-complexity attacks that do not require privileges or user interaction. This article continues to discuss the potential exploitation and impact of the critical EPM flaw.